Latest News

Law firms’ employees are being warned to be extra vigilant during lockdown

Law Firms Urged to Safeguard Against Lockdown Cyber Crime

May 2020

Law firms’ employees are being warned to be extra vigilant during lockdown, with both the Solicitors Regulation Authority (SRA) and the National Cyber Security Centre (NCSC) highlighting that the legal profession – already a target for cyber criminals – is under increasing attack.

Since March 23, the SRA has issued 16 scam alerts, ten of which related to email or website impersonation. The SRA’s chief executive, Paul Philip, says, “Cybercrime is a priority risk for the legal sector and it is not going away during the Covid-19 pandemic.”[1]

However, according to the results of a cyber survey of legal firms, published in June 2019, three-quarters of the law firms surveyed failed a cyber readiness test. This is despite a Law Society online poll discovering that eight-in-ten legal practices had been subjected to at least one phishing attack in the previous 12 months.[2]

During lockdown, the SRA has said that a law firm was asked to set up a standing order for £4000 per month in one cyber scam. Furthermore, 2000 online scams relating to Covid-19 have been taken down by the NCSC, with this including 555 malware distribution sites and 200 phishing sites.

A review of 40 law firms which have been targeted in the past three years by cyber criminals, had some worrying findings. At the SRA Conference in October 2019, it was revealed that £4m of client money had been stolen from just 23 of the 40 over the past three years. 18 of these had to cover losses with the practice’s own money. Two of the firms studied had been the victims of over 600 attacks in the 3-year period.[3]

Around half of the attacks on law firms are through email modifications, in which cyber criminals purport to be a legitimate party, often in a conveyancing transaction. One such scam resulted in the transfer of £400,000 to the scammer. Luckily, the firm had insurance but still had to pay £5000 as the insurance excess and £900 compensation to a client. According to the SRA, email modification “relies on our complacency and trust.”

Clicking on a malware link is also easy to do, as an employee at a conveyancing firm discovered. The result of a simple mistake saw the firm have to shut for two weeks due to ransomware encryption, with the attack cost of £60,000 and it lost £150,000 in revenue.

Given the sums involved and the fact cyber criminals are now using Artificial Intelligence software to mimic the voices of legitimate members of a firm, according to the SRA, having cyber insurance is becoming a priority for businesses of all types and sizes. Attacks are often not just made on large companies but also small and medium-sized companies that may have less system protection and which act as gateways to bigger targets.

Lockdown is creating an environment within which cyber criminals can prosper and catch unwitting victims off guard. If you need to put cyber insurance in place, to protect your business, you can use our ‘Find a Local Broker’ to source an insurance broker who can assist you.

Disclaimer:Each applicable policy of insurance must be reviewed to determine the extent, if any, of coverage for COVID-19. Coverage may vary depending on the jurisdiction and circumstances. For global client programs it is critical to consider all local operations and how policies may or may not include COVID-19 coverage.

The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal and/or other professional advisors. Some of the information in this publication may be compiled by third party sources we consider to be reliable, however we do not guarantee and are not responsible for the accuracy of such information. We assume no duty in contract, tort, or otherwise in connection with this publication and expressly disclaim, to the fullest extent permitted by law, any liability in connection with this publication. Willis Towers Watson offers insurance-related services through its appropriately licensed entities in each jurisdiction in which it operates.

COVID-19 is a rapidly evolving situation and changes are occurring frequently The information given in this publication is believed to be accurate at the date of publication shown at the top of this document. This information may have subsequently changed or have been superseded, and should not be relied upon to be accurate or suitable after this date.